Content delivery system, information processing apparatus or information processing method, and computer program

ABSTRACT

A copyright-managed environment is provided in which encrypted content and a license for decrypting the content are handled separately. Each client registered in the environment uses content legitimately. After the content acquired by a client A of a user is stored into a client B of the same user, the client B may receive a new license for the same content from a license server. This allows the content to be shared between the clients A and B while the copyright of the content is protected. The inventive environment allows the user having acquired a license to use the corresponding content on a plurality of apparatuses in his or her possession while illegal content uses are forestalled.

TECHNICAL FIELD

The present invention relates to a content delivery system, aninformation processing apparatus or method, and a computer program formanaging the uses of contents such as moving images and digital dataincluding music data, image data and electronic publications, alldelivered to their destinations over networks. More particularly, theinvention relates to a content delivery system, an informationprocessing apparatus or method, and a computer program for managing theuses of content based on contracts such as licenses as well as onspecific use conditions.

Furthermore, the present invention relates to a content delivery system,an information processing apparatus or method, and a computer programfor controlling the uses of contents by granting licenses to contentusers for copyright protection. More specifically, the invention relatesto a content delivery system, an information processing apparatus ormethod, and a computer program for enabling a licensed user to usecontents on a plurality of apparatuses while preventing illegal contentuses.

BACKGROUND ART

With the widespread acceptance of the Internet in recent years, thedelivery over the network of diverse kinds of digital contents such ascomputer files is thriving. As broadband communication networks(xDigital Subscriber Line (xDSL), CATV (cable TV), wireless networks,etc.) are coming into general use today, a viable framework is being setup to allow digital data including music data, image data and electronicpublications, as well as so-called rich contents like moving images, tobe transmitted to users with no stress.

Because the contents to be delivered over the network is in digitalform, it can be copied, falsified or otherwise manipulated in a fairlyeasy manner. Indeed, content is copied, falsified or otherwisemanipulated all the time today. This has been a major impediment toletting content venders enjoy just benefits from marketing their digitalproducts. As a result, the venders have been forced to raise the pricesof their contents to compensate their losses. The high prices in turnconstitute another impediment to the smooth distribution of digitalcontent.

Utilization of encryption technology makes it possible to protectcontents delivered over communication channels from getting tapped byunscrupulous third parties. However, protecting the delivered contentssolely during transmission is not enough. Unlawful copies of contentsdelivered to legitimate users have also become a major issue.

One way of dealing with the problems concerning digital content is byresorting to the scheme called Digital Rights Management (DRM) that hasbeen adopted recently. What follows is an overview of DRM together witha description of some problems it has raised.

Digital Rights Management (DRM) provides a framework allowing users touse content only after getting licenses to use it. Variations of thisscheme include “Windows Media Right Manager” offered by MicrosoftCorporation and “Electronic Media Management System (EMMS)” provided byIBM Corporation, both firms based in the United States.

A typical DRM system is constituted by a content provider, a licenseadministrator, and users. The users each own a content reproductionapparatus that is employed to make use of contents. The licenseadministrator issues licenses to the users while the content provideroffers content to them.

Content (Cont) is distributed in a format E(K_(c),Cont) encrypted by useof a key (content key K_(c)) that differs from content to content. Thistype of content will be referred to as encrypted contents in thedescription that follows.

When a user wants to use a content Cont, he or she requests the licenseadministrator to issue a relevant license for the desired content. Onreceiving the request, the license administrator performs an appropriatefee-charging process regarding the user in question before issuing thelicense.

Specifically, issuing the license means furnishing a content key K_(c)to the user's content reproduction apparatus. The license administratorshares a different encryption key K_(u) with each of the reproductionapparatuses registered. (The sharing of an encryption key K_(u) occursupon issuance of each license, or previously shared keys are installedin the reproduction apparatuses.) The content key K_(c) is encryptedinto data E(K_(u),K_(c)) by use of the encryption key Ku before the datais transferred to the reproduction apparatus. The data will be calledthe “license token” hereunder.

The user's reproduction apparatus that received the license can proceedwith content reproduction using the encryption key K_(u), receivedlicense token E(K_(u),K_(c)), and encrypted content E(K_(c),Cont).Initially, the content key K_(c) is decrypted from the license tokenE(K_(u),K_(c)). The content (Cont) is then decrypted for reproductionfrom the encrypted content E(K_(c),Cont) using the content key K_(c).The content can be used only if the combination of the reproductionapparatus, license token, and encrypted content is valid, i.e., only ifthe user has duly acquired the license.

In order to ensure that the copyright of content is protected, thereproduction apparatus must prevent decrypted content from leaking out.This requires the reproduction apparatus to operate in such a mannerthat the encryption key K_(u), content key K_(c), and decrypted contentCont will not get out. Once the decrypted content leaks out, it can becopied and abused unlimitedly. In other words, the reproductionapparatus must be capable of preventing the encryption key K_(u),content key K_(c), and encrypted content Cont from coming out of theapparatus. This type of apparatus will be called a “legitimate”reproduction apparatus hereunder.

Under the DRM scheme, the issuance of a content license (i.e.,permission to use) to a user is realized when the content key K_(c) isgranted to the user's (specific) reproduction apparatus. The granting ofthe license is predicated on the condition that the reproductionapparatus receiving the content key K_(c) be legitimate. It follows thatthe license administrator, whenever issuing a license, must identify alegitimate apparatus for which the license (i.e., content key) isdestined. The license administrator is thus required to possess adatabase of legitimate reproduction apparatuses and a database serves asthe basis for issuing licenses.

However, given the fact that there are so many reproduction apparatusesin use, it is too costly and/or time-consuming to search the databasefor every destination apparatus requesting a license. Furthermore, wherelicenses need to be issued frequently because of a particular contentdownload scheme, the server accommodating the database will likely beoverloaded.

Suppose that certain content is to be offered to a specific user. Thisinvolves advance authentication of the user. In the DRM setup, theauthentication of the user must be supplemented with identification ofthe content reproduction apparatus owned by the user in question. Alicense then needs to be generated for the identified apparatus. Thesesteps take time and often lower the speed at which the content isprovided.

The average user owns and utilizes a plurality of content reproductionapparatuses, whereas each content license is issued only to a specificapparatus. Even if the user's reproduction apparatuses are “legitimate,”the user must obtain a license for each of the apparatuses in his or herpossession if the same content is desired to be reproduced on themultiple apparatuses. This can be a tedious chore. In paying for eachadditional license, the user may feel overcharged for using the samecontent.

As part of today's growing businesses dealing in payable online contentdistribution and delivery, a plurality of content providers are offeringdiverse kinds of content. It may happen that the same user possessing aplurality of “legitimate” reproduction apparatuses has each of his orher apparatuses registered with a different content provider. In such acase, the user is allowed to reproduce the content from one provideronly on a single relevant apparatus and not any other one. The lack offlexibility to share content between the multiple apparatuses belongingto the same user deprives him or her of the full benefit of havingregistered with (or acquired accounts from) a plurality of contentproviders. The content providers, for their part, can be perceived asunduly unenthusiastic about letting users enjoy a little moreconvenience of the shared content.

DISCLOSURE OF INVENTION

It is therefore an object of the present invention to provide a contentdelivery system, an information processing apparatus or method, and acomputer program for suitably managing the uses of content based oncontracts such as licenses as well as on specific use conditions.

It is another object of the invention to provide a content deliverysystem, an information processing apparatus or method, and a computerprogram for appropriately controlling the uses of content by grantinglicenses to content users for copyright protection.

It is a further object of the invention to provide a content deliverysystem, an information processing apparatus or method, and a computerprogram for enabling a licensed user to use content on a plurality ofapparatuses while preventing illegal content uses.

In achieving the foregoing and other objects of the present inventionand according to a first aspect thereof, there is provided a contentdelivery system for delivering content to a client of a user whopossesses at least two clients, each of the clients using contentlegitimately based on an acquired license, the content delivery systemincluding: registering means for registering each of the clients of theuser in order to acquire customer-related information; customer-relatedinformation managing means for managing the customer-relatedinformation; content providing means which, in response to a requestfrom any one of the clients, provides content to the requesting client;first license granting means which, in response to a request from theclient having acquired the content from the content providing means,grants the requesting client a license for the acquired content; andsecond license granting means which, after the user has moved thecontent from one client to another in the possession of the same user,grants the user a license for the moved content.

The “system” in this context refers to a logical configuration of aplurality of apparatuses (or function modules representative of specificfunctions). It does not matter whether the apparatuses or functionmodules are housed in a single enclosure.

When the content delivery system according to the first aspect of theinvention is in use, the user is supposed to have a plurality ofclients. Where each of the clients is registered with a differentlicense server, any one of the clients having downloaded content maymove the downloaded content to another client to which a new license issmoothly acquired for content reproduction.

That is, the inventive system above allows the licensed user to use thesame content on a plurality of apparatuses in his or her possessionwhile illegal content uses are prevented. The burden on the user havingto work out the sharing of content between multiple clients isalleviated, and the utilization of content delivery services by thegeneral public is promoted.

The sharing of content between a plurality of clients is typicallyimplemented through collaboration between content providers.Illustratively, the first and the second license granting means may berun by different content providers. In such cases, the customer-relatedinformation providing means is queried by the content providers involvedfor information about their mutual customers. This makes it a legitimatepractice to grant a license for content to a client that differs fromthe destination having downloaded the same content.

Preferably, the customer-related information providing means may managea table of correspondences between leaf ID's and client ID's, a table ofcorrespondences between client ID's and user ID's, a table ofcorrespondences between content ID's and license ID's, a table ofcorrespondences between user ID's and the content ID's of downloadedcontent, and a table of correspondences between user ID's and thelicense ID's of downloaded licenses.

The customer-related information managing means may preferably updatethe customer-related information every time the content providing meansprovides content to a client and/or any one of the first and the secondlicense granting means grants a license to a client.

In response to a request from a client for a license, the second licensegranting means may preferably acquire the requested license from thefirst license granting means and return the acquired license to therequesting client. When granting the license, the second licensegranting means, by querying the customer-related information managingmeans, may preferably verify that the requesting client is legitimate,that the same user possessing the requesting client is in possession ofanother client registered with the first license granting means, andthat the requested license has already been granted to the other clientby the first license granting means.

Preferably, the content delivery system according to the first aspect ofthis invention may further include fee-charging means for performing afee-charging process regarding the client to which a license has beengranted.

The fee-charging means may preferably make a difference in chargesbetween a case in which the first license granting means grants alicense to a client downloading content, and a case in which the secondlicense granting means grants a license to another client of the sameuser in possession of the downloading client. Illustratively, the samelicense requested for a second time may be granted at a discount oroffered free of charge. This alleviates the cost burden on the userwishing to use the same content on a plurality of clients. The scheme inturn promotes the utilization of content delivery services by thegeneral public.

According to a second aspect of this invention, there is provided acomputer program which is described in a computer-readable format andwhich allows a computer system to grant a user a license for usingcontent, the user possessing at least two clients which use contentlegitimately based on acquired licenses, the computer program including:a first steps of determining whether or not a client of the userrequesting a license is legitimate; a second step of determining whetheror not the user possessing the requesting client is also in possessionof another client to which the license has already been granted; and athird step of granting the same license to the requesting client if thedetermination in the second step provides an affirmative result.

The second aspect of this invention defines a computer program describedin a computer-readable format and designed to let the computer systemgrant the user a license for using content. When installed in thecomputer system, the inventive computer program works in collaborationwith the system allowing the user to share the same content between aplurality of clients while protecting the copyright of the content. Thebenefits are the same as those obtained with the content delivery systemaccording to the first aspect of the invention.

Other objects, features and advantages of the present invention willbecome apparent from the following detailed description when read inconjunction with the accompanying drawings.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic view outlining a typical configuration of acontent delivery system embodying this invention;

FIG. 2 is a schematic view showing a hardware structure of a host deviceacting as a server or as a client;

FIG. 3 is a schematic view depicting a functional structure of the hostdevice acting as a client;

FIG. 4 is a schematic view indicating a functional structure of the hostdevice acting as a license server;

FIG. 5 is a schematic view illustrating a functional structure of thehost device acting as a content server;

FIG. 6 is a flowchart of steps in which a client makes advanceregistration with the license server;

FIG. 7 is a flowchart of steps in which a client downloads content;

FIG. 8 is a flowchart of steps performed by the content server allowingcontent to be downloaded;

FIG. 9 is a schematic view of a data format in which a content server Adelivers content to a client A;

FIG. 10 is a flowchart of steps in which the client A reproducesdownloaded content;

FIG. 11 is a flowchart of steps in which the client A acquires a licensenecessary for reproducing downloaded content;

FIG. 12 is a schematic view showing a data structure of a licensegranted by the license server to a client;

FIG. 13 is a flowchart of steps in which the license server A grants alicense to the client A;

FIG. 14 is a flowchart of detailed steps in which the client A renews alicense with the license server;

FIG. 15 is a flowchart of detailed steps performed by the license serverallowing a license to be renewed;

FIG. 16 is a flowchart of steps in which a license server B grants alicense in response to a license request from a client B incollaboration with another content provider;

FIG. 17 is an explanatory view showing how a client uses contentsupplied by the content server on the basis of a license granted by thelicense server; and

FIG. 18 is a schematic view showing an EKB structure.

BEST MODE FOR CARRYING OUT THE INVENTION

Preferred embodiments of this invention will now be described in detailwith reference to the accompanying drawings.

FIG. 1 schematically shows a typical configuration of a content deliverysystem embodying this invention. In the setup of FIG. 1, the contentdelivery system is divided into two sides: content providers on oneside, and customers on the other side. The content providers and theircustomers are interconnected by the Internet or by other broadbandcommunication networks (e.g., xDigital Subscriber Line (xDSL), cable TV(CATV), or wireless networks).

There typically exist a plurality of content providers, such asproviders A and B as illustrated. Each content provider has a licenseserver, a content server, a fee-charging server, and a service databaseserver. The license server accepts user (client) registration from eachcustomer's content reproduction apparatus (called the client hereunder)and grants content licenses to clients. The content server storescontent to be provided to clients and delivers content as requested. Thefee-charging server performs a fee-charging process whenever a userregisters with the provider and/or a license is granted. The servicedatabase server holds diverse items of data necessary for grantingcontent licenses to customers or to clients.

With this embodiment, the content providers are interconnected by theInternet or by other backbone communication networks. In order tofacilitate collaboration in business between the content providers,there exists a service database server C (DB C) that supervises theservice databases of the providers involved.

A service database server A (DB A) and a service database server (DB B)owned by each content provider may query the service database server (DBC) about the user information not in their possession. The servers A andB have their stored contents reflected in the service database server Cin a suitably timed manner. However, installation of the servicedatabase server C is not mandatory; it may be replaced by any suitablearrangements allowing the service database servers A and B to shareinformation therebetween.

In the setup of FIG. 1, each of the content providers A and B has alicense server, a fee-charging server, a content server, and a servicedatabase server installed independently. Alternatively, part or all ofthe servers may be shared between the content providers. As anotheralternative, the content server owned by one content provider may beshared by the other content providers.

Although the content delivery system actually has numerous customers,the setup in FIG. 1 is shown having only one customer for purpose ofsimplification and illustration. This customer possesses a plurality ofcontent reproduction apparatuses including clients A and B. Each clientis designed to be “legitimate” according to DRM criteria. That is, theclients are designed to perform their processing without leakingencryption keys, content keys, and decrypted content to the outside.

The client A in the setup of FIG. 1 is assumed to have made registrationwith the content provider A in advance, so that the client A may havecontent provided and licenses granted by the provider A as desired. Theclient B is also assumed to have made advance registration with thecontent provider B, so that the client B may likewise have contentprovided and licenses granted by the provider B as desired.

Content can be moved from the client A to the client B in a number ofways. For example, content may be written by the client A to a recordingmedium that is moved physically to the client B. As another example,content data may be transmitted from the client A to the client B overwhat may called a personal network.

Whereas this embodiment utilizes user ID's for identifying users (aswill be discussed later), it is also possible to use client ID's foridentifying individual clients. Where the same user has different userID's with different content providers, the user ID's are assumed to beassociated with one another through the providers' service databases sothat the providers know these user ID's in fact belong to the same user.It is assumed that the client ID's are also managed by the servicedatabases A, B and C. Although this embodiment performs userauthentication based on a user ID and a password, this is not limitativeof the invention. Alternatively, each reproduction apparatus involvedmay be authenticated (called device authentication) by use of a clientID (device ID). As another alternative, user information may be handledon the basis of device authentication and user authentication combined.

The content delivery system of this embodiment presupposes thefollowing:

-   -   (1) There is provided a copyright-managed environment that        allows the use of delivered content by the customer to be        restricted in scope as desired by the content provider or by the        copyright holder of the content in question.    -   (2) In the copyright-managed environment above, encrypted        content and licenses for decrypting the content can be handled        separately.    -   (3) Each client is furnished with data processing means or steps        for ensuring lawful management and protection of copyrights        (i.e., each client is “legitimate”).    -   (4) Different clients receive content from different content        providers.    -   (5) Each client may have the received content stored therein or        retained on a recording medium connectable to the client in        question.    -   (6) Where a customer wants to have content shared between        clients in his or her possession, the customer is able to move        the content of interest between the clients in wired or wireless        fashion.    -   (7) The content providers involved may swap or share their        customer-related information among them (e.g., information about        customers, information about clients owned by the customers,        information about purchased content, etc.).

With the above preconditions satisfied, the content delivery system ofthis embodiment enables the content acquired by the client A to bestored (i.e., moved) into the client B before permitting the client B toreceive a new license from a license server. This makes it possible forthe clients A and B to share the content therebetween while protectingthe copyright of the content. Detailed steps for sharing content will bediscussed later.

FIG. 2 schematically shows a hardware structure of a host device actingas a server or as a client in the content delivery system embodying theinvention.

In the structure of FIG. 2, a CPU (central processing unit) 101 workingas a main controller under an operating system (OS) carries out variousapplication programs. If the host device acts as a client terminal, theCPU 101 executes client applications for addressing services includingadvance registration with content providers, downloading of content,acquisition of licenses, and storage of downloaded content. If the hostdevice acts a server such as a license server, a content server, afee-charging server, or a service database server, then the CPU 101performs relevant server applications. As illustrated, the CPU 101 isinterconnected with other devices (to be described later) by a bus 108.

A main memory 102 works as a storage device into which to load programcodes for execution by the CPU 101 or into which to place temporarilywork data for currently executing programs. Illustratively, asemiconductor memory such as a DRAM (dynamic RAM) is adopted as the mainmemory 102. If the host device acts as a client terminal, the CPU 101loads into the main memory 102 executing programs made up of the clientapplications for addressing services including advance registration withcontent providers, downloading of content, acquisition of licenses, andstorage of downloaded content. If the host device acts as a server(i.e., a license server, a content server, a fee-charging server, or aservice database server), the CPU loads into the main memory 102executing programs constituted by the relevant server applications.

A ROM (read only memory) 103 is a semiconductor memory that stores datapermanently. For example, a self-diagnostic test program for use uponstart-up (POST: Power On Self Test) and program code for hardware I/Ocontrol (BIOS: Basic Input/Output System) are written in the ROM 103.

A display controller 104 is dedicated to actually processing renderinginstructions issued by the CPU 101. Rendering data processed by thedisplay controller 103 are written to a frame buffer (not shown) beforebeing output onto a display device 111. The display screen of thedisplay device 111 feeds back visually to the user what has been inputfrom the user, the results of the input having been processed(specifically, images of reproduced content), or system messagesincluding error messages.

An input device interface 105 is a device that connects a keyboard 112,a mouse 113, and other user input devices to an interactive system 100.

A network interface 106 allows the system 100 to connect to a localnetwork such as LAN (local area network) in keeping with a suitablecommunication protocol such as that of the Ethernet (registeredtrademark), and to connect to wide area networks such as the Internet.Alternatively, when attached to a terminal on board a vehicle, thenetwork interface 106 may establish wireless connection channels (e.g.,mobile phone channels) to wide area networks.

Over a network, a plurality of host terminals (not shown) may beconnected transparently to make up a distributed computing environment.On such a network, software programs, data content and others may bedelivered from one location to another by the content delivery service.

Illustratively, if the host device acts as a client terminal, it candownload client applications for dealing with services such as advanceregistration with a content provider, downloading of content,acquisition of licenses, and storage of downloaded content. Over thenetwork, the terminal can also download procedures for advanceregistration with a content provider, downloading of content from acontent server, acquisition of licenses from a license server, andfee-charging processes for acquired licenses. Furthermore, sourceprograms yet to be compiled and object programs having been compiled maybe executed by way of the network. If the host device acts as a serversuch as a license server, a content server, a fee-charging server, or aservice database server, then it can download various serverapplications over the network. In addition, the server may carry outprocedures for advance registration with a customer's client terminal,delivery of content, granting of licenses, and fee-charging processesfor granted licenses via the network.

An external device interface 107 is designed to connect such externaldevices as a hard disc drive (HDD) 114 and a media drive 115 to the hostdevice 100.

The HDD 114 is an external storage device that accommodates a magneticdisc fixedly as a storage medium (as is well known). It is superior tomost other external storage devices in terms of storage capacity anddata transfer rate. In a procedure called “installation,” softwareprograms may be placed onto the HDD 114 in a ready-to-execute manner.Generally, the HDD 114 has the program codes of an operating system,application programs, and device drivers installed thereon innonvolatile fashion and ready for execution by the CPU 101.

If the host device acts as a client terminal, it may install on the HDD114 the client applications for addressing services such as advanceregistration with a content provider, downloading of content,acquisition of licenses, and storage of downloaded content. It is alsopossible for the client to store on the HDD 114 the content downloadedfrom a content provider (or moved from another client terminal by way ofa storage medium or other suitable means) as well as licenses for thecontent. If the host device acts as a server such as a license server, acontent server, a fee-charging server, or a service database server,then it can install the relevant server applications on the HDD 114. Itis also possible for the server to store on the HDD 114 customer-relatedinformation necessary for the content delivery service (e.g.,information about customers, information about clients owned by thecustomers, information about purchased content, etc.).

The media drive 115 is a device that accommodates a portable medium suchas CD (Compact Disc), MO (Magneto-Optical disc), or DVD (DigitalVersatile Disc) in a manner permitting access to the data recordingsurface of the medium.

The portable media are used mainly to back up software programs and datafiles in computer-readable form or for moving (i.e., marketing,distributing, or otherwise delivering) these software programs and datafiles from one system to another. For example, the portable media may beused to get the client applications or server applications for suchservices as advance registration with a content provider, downloading ofcontent, acquisition of licenses, and storage of downloaded content,moved physically between a plurality of devices for distribution ordelivery. The portable media may also be used to move between clientterminals the content downloaded from a content provider. The portablemedia may further be used to let the content providers swap or sharebetween them the customer-related information necessary for the contentdelivery service (e.g., information about customers, information aboutclients owned by the customers, information about purchased content,etc.).

FIG. 3 schematically depicts a functional structure of the host deviceacting as a client. As illustrated, the client is made up of an advanceregistration section, a content download section, a content storagesection, a content transfer section, a license acquisition andmanagement section, a fee-charging section, and a content reproductionsection. In practice, these sections or function modules are implementedby the CPU 101 executing relevant program modules.

The advance registration section permits the client advance registrationwith the license server of a specific content provider before the clientreceives content from that provider and be granted a license for thereceived content. Detailed steps of the advance registration will bediscussed later.

The content download section downloads desired content from the contentserver of the content provider with which advance registration has beenmade. Generally, the user selects specific content on a browser screenof the client and starts downloading the selected content in thewell-known manner which will not be discussed further. The downloadedcontent is stored in the content storage section.

The license acquisition and management section acquires from the licenseserver a license necessary for using (i.e., reproducing) the contentdownloaded from the content server or moved in from another client ofthe same user through the content transfer section. The acquiredlicenses and the information obtained at the time of advanceregistration are managed by the license acquisition and managementsection. If any acquired license has expired, the license acquisitionand management section carries out a license renewal process with thelicense server to get the license in question renewed. Detailed steps ofthe license acquisition and license renewal will be discussed later.

The fee-charging section connects to the fee-charging server of anycontent provider, and performs a fee-charging process paying for thelicense for using (i.e., reproducing) the content downloaded from thecontent server or acquired from another client of the same user throughthe content transfer section.

With this embodiment, a new license for using the same content acquiredfrom another client of the same user via the content transfer sectionmay be granted either on a chargeable basis or free of charge. If thelicense is chargeable, the price can be made lower than that in effectwhen the license in question was obtained for the first time. Theseconsiderations are determined at the discretion of the content providerand are reflected by the fee-charging server in its processing.

The content reproduction section retrieves desired content from thecontent storage section, decrypts or decodes the encrypted content datausing the corresponding license held in the license acquisition andmanagement section, and reproduces the decoded data. Specifically, thereproduction of content refers to outputting music data acoustically andoutputting image data visually on the display device.

The content transfer section transfers content from one client toanother in the possession of the same user. When moving content toanother client, the content transfer section first retrieves the targetcontent from the content storage section. The content transfer sectionthen writes the content to a portable recording medium for physicaltransfer to the intended destination, or transmits the contentelectronically to the destination over wired or wireless communicationchannels. When acquiring content from another client, the contenttransfer section reads the target content from the loaded recordingmedium, or receives the content over wired or wireless communicationchannels. The content thus moved is stored into the content storagesection.

FIG. 4 schematically indicates a functional structure of the host deviceacting as a license server. As depicted, the license server isconstituted by an advance registration section, a license issuancesection, a license storage section, and a database management section.In practice, these sections or function modules are implemented by theCPU 101 executing relevant program modules.

The advance registration section allows the client to make advanceregistration with the server before the client utilizes the contentdelivery service of this content provider. Detailed steps of the advanceregistration will be discussed later.

The license storage section stores licenses necessary for the use ofcontent provided by the content provider. Each relevant license may beretrieved through a search based on license designation information suchas a license ID.

In response to a request from a client, the license issuance sectionretrieves from the license storage section a license necessary for theuse of content downloaded from the server or moved from another clientof the same user, and transmits the retrieved license to the requestingclient. Whenever issuing a license, the license issuance sectionnotifies the fee-charging server of the issue so as to charge the clientfor the license.

With this embodiment, a new license for using the same content acquiredfrom another client of the same user via the content transfer sectionmay be granted either on a chargeable basis or free of charge. If thelicense is chargeable, the price can be made lower than that in effectwhen the license in question was obtained for the first time. Theseconsiderations are determined at the discretion of the content providerand are reflected by the fee-charging server in its processing.

Furthermore, in response to a license renewal request from a client, thelicense issuance section renews a license that has expired. Detailedsteps of the license renewal will be discussed later.

The database management section causes the service database to store andupdate details of advance registration made by the advance registrationsection as well as information about the licenses issued by the licenseissuance section.

FIG. 5 schematically shows a functional structure of the host deviceacting as a content server. As illustrated, the content server includesa transmission and reception section, a delivery content storagesection, a content data retrieval section, an encryption section, and adatabase management section. In practice, these sections or functionmodules are implemented by the CPU 101 executing relevant programmodules.

The transmission and reception section receives a content request (i.e.,content designation information) from a client and transmits therequested content data to the requesting client.

The delivery content storage section retains and manages content data tobe delivered to clients by the content provider in the content deliveryservice. With this embodiment, the content data are stored in thedelivery content storage section in a format encoded by ATRAC3 (AdaptiveTransform Acoustic Coding Version 3).

The content data retrieval section analyzes content designationinformation received by the transmission and reception section,retrieves the designated content from the delivery content storagesection, and transfers the retrieved content to the encryption section.

The encryption section encrypts the content destined for a client by useof a content key Kc.

The database management section causes the service database to store andupdate information about the past delivery of content to clients in thecontent delivery service.

Described below by referring again to FIG. 1 is how content is sharedbetween the clients A and B owned and utilized by the same user. Beforesharing content, the clients A and B gain access to the license serversA and B respectively for advance registration. Carrying out the advanceregistration enables each of the clients A and B to obtain “servicedata” including a leaf ID, DNK (device node key), a secret key pairedwith a public key for the client, a public key of the license server,and certificates of the public keys.

The leaf ID represents identification information assigned to eachclient. DNK stands for the device node key necessary for decrypting anencrypted content key Kc contained in EKB (enabling key block)corresponding to the license of interest. The device node key (DNK) isdescribed in the Description WO 02/080446 that has been assigned to thisapplicant. Details of DNK disclosed in the cited description are notdirectly applicable to the spirit or scope of this invention and thuswill not be discussed further.

FIG. 6 is a flowchart of steps constituting the process in which aclient makes advance registration with the license server. The steps arecarried out as follows:

The client transmits a service data request to the license server of thecontent provider with which the client wants to register in advance forthe service (step S1).

In response to the service data request received from the client, thelicense server transmits a user information request to the requestingclient (step S11).

On receiving the user information request, the client displays on thedisplay device or like equipment a message and an entry screen promptingthe user to input user information (step S2). By operating the inputdevice such as a keyboard and a mouse, the user enters the userinformation including personal information and payment information, andtransmits the input information to the license server (step S3).

Upon receipt of the user information, the license server assigns to therequesting client one of the unassigned leaves that come under thecategory allocated to the license server. The license server thengenerates as a device node key (DNK) a set of node keys assigned to thenodes on a path ranging from the assigned leaf to the node of thecategory allocated to the license server. Finally, the license servergenerates service data including the generated DNK, a leave ID of theleaf assigned to the client, a secret key paired with a public key forthe client, a public key of the license server, and certificates of thepublic keys (step S12). The generated service data is transmitted to therequesting client (step S13).

Following transmission of the service data, the license server recordsthe user information in correspondence with the leaf ID and stores thedetails of the advance registration into the service database (stepS14).

On receiving the service data from the license server, the clientencrypts the received data and stores the encrypted data in the licenseacquisition and management section (step S4).

In the manner described, the license server registers the client and itsuser, and the client is then entitled to receive the service dataincluding the device node key necessary for utilizing the desiredcontent delivery service.

With this embodiment, each of the service database servers A and B forthe content providers has a plurality of tables listed below. Othersubsystems such as the content server may utilize (i.e., reference, addto, or update) any of these tables as needed. The tables furnished toeach service database server include:

-   -   (1) a table of correspondences between leaf ID's and client        ID's;    -   (2) a table of correspondences between client ID's and user        ID's;    -   (3) a table of correspondences between user ID's and user        passwords;    -   (4) a table of correspondences between content ID's and license        ID's;    -   (5) a table of correspondences between user ID's and the content        ID's of the downloaded content (the table may also record the        dates on which the content was downloaded and the license ID's        associated with the downloaded content); and    -   (6) a table of correspondences between user ID's and the license        ID's of the downloaded licenses (the table may also record the        dates on which the licenses were downloaded).

The service database server C is set up to let the content providersinvolved share the information listed below from among thecustomer-related information held in the service database servers A andB. The content providers A and B may reference or update the sharedinformation as needed. The shared information includes:

-   -   (1) the table of correspondences between leaf ID's and client        ID's;    -   (2) the table of correspondences between client ID's and user        ID's;    -   (3) the table of correspondences between content ID's and        license ID's;    -   (4) the table of correspondences between user ID's and the        content ID's of the downloaded content (the table may also        record the dates on which the content was downloaded and the        license ID's associated with the downloaded content); and    -   (5) the table of correspondences between user ID's and the        license ID's of the downloaded licenses (the table may also        record the dates on which the licenses were downloaded).

The content delivery system of this embodiment allows the contentacquired by the client A to be moved to the client B (for storage) andpermits the client B to receive a new license for using the movedcontent from the server, thereby enabling the clients A and B to sharethe content while protecting the copyright of the content in question.Content is typically shared between clients in steps P1 through P6 asindicated in FIG. 1 and as outlined below.

-   -   P1: Content is first downloaded.    -   P2: A license for the content is downloaded and the content is        reproduced.    -   P3: Relevant information is updated between the service        databases involved.    -   P4: The content is moved to another client.    -   P5: A new license for the moved content is downloaded and the        moved content is reproduced.    -   P6: Relevant information is updated between the service        databases involved.

Each of the steps above is described in more detail.

Downloading of Content:

FIG. 7 is a flowchart of steps constituting the process in which theclient A downloads content. The steps are carried out as follows:

The user starts up a content download process by manipulating thedisplay screen using the keyboard, mouse, or some other suitable inputdevice. In turn, the client gains access to the content server A throughthe network interface 106 (step S21).

The access to the content server A causes a content selection screen(not shown) to appear on the display screen of the client A. On thisscreen, the user designates desired content using the keyboard, mouse,or some other suitable input device. The client A notifies the contentserver A of information for designating the desired content (step S22).The client A further notifies the content server A of a user ID enteredby the user (step S23).

In response to the content designation information, the content server Aencrypts the corresponding content and transmits the encrypted content,as will be discussed later. The client A receives the encrypted content(step S24) and stores what is received into the content storage section(step S25).

FIG. 8 is a flowchart of steps constituting the process performed by thecontent server allowing content to be downloaded. The steps are carriedout as follows:

The content server A waits for an attempt to access by the client A(step S31). When accessed by the client A, the content server A acquiresinformation for designating content from the client A (step S32). Thecontent designation information corresponds to the information sent bythe client A in step S22 in the flowchart of FIG. 6.

The content server A retrieves from the stored content the contentdesignated by the information acquired earlier in step S32 (step S33).

The content server A encrypts the retrieved content using a content keyK_(c) (step S34). Because the content data in the delivery contentstorage section have been encoded by ATRAC3, the encoded content dataare further encrypted. If the content data had been encrypted beforethey were placed in the delivery content storage section, step S34 maybe skipped.

The content server A acquires from the service database server A alicense ID corresponding to the content ID (step S35). The contentserver A then adds key information (to be described later) necessary fordecrypting the encrypted content, and the license ID of the licenseneeded to use the content, to a header constituting part of a format inwhich the encrypted content data is to be transmitted (step S36).

The content encrypted in step S34 and the header supplemented with thekey and license ID in step S36 are then transmitted to the requestingclient A in the appropriate format (step S37).

Lastly, the content server A records the user ID of the client A and thecontent ID of the transmitted content to the service database A (stepS38). The records in the service database A are reflected in the servicedatabase C through a suitable synchronizing process, so that theserecords can be referenced by the content provider B as well.

FIG. 9 is a schematic view of a typical data format in which the contentserver A delivers content to the client A. As illustrated, the format ismade up of a header and a data part.

The header includes content information, a license ID, an enabling keyblock (EKB), and data KEKB (K_(c)) constituting a content key K_(c)encrypted by use of a key KEKB derived from EKB. EKB is described in theDescription WO 02/080446 that has been assigned to this applicant.Details of EKB disclosed in the cited description are not directlyapplicable to the spirit or scope of this invention and thus will not bediscussed further.

The content information includes a content ID (CID) serving asidentification information for identifying the formatted content data.Also included in the content information is information such as a CODECmethod for coding and decoding the content in question.

The data part is formed by any number of encryption blocks. Eachencryption block is composed of an initial vector (IV), a seed, and dataE_(K′c)(Data) obtained by encrypting the content data using a keyK′_(c).

The key K′_(c) is constituted by the content key K_(c) and by a valueobtained by applying a hash function to the randomly generated seed, asindicated by the following expression:K′ _(c)=Hash (K _(c), Seed)

The initial vector IV and the seed are set for different values for eachencryption block.

The content data is encrypted in increments of eight bytes. Eacheight-byte block is encrypted by use of the preceding encryptedeight-byte data in CBC (cipher block chaining) mode.

Where CBC mode is in use, the first eight-byte content data is encryptedusing the initial vector IV as the initial value. That is because thepreceding encrypted eight-byte data block does not exist before thefirst eight-byte content data.

If any one encryption block were somehow decrypted by an unscrupulousthird party, the CBC mode encryption scheme still protects the otherblocks from getting decrypted likewise. The encryption procedureinvolved is described in the Description WO 02/080446 that has beenassigned to this applicant. Details of the procedure disclosed in thecited description are not directly applicable to the spirit or scope ofthis invention and thus will not be discussed further. Other encryptionschemes may be adopted instead. Illustratively, the content data may beencrypted simply by use of the content key K_(c).

In the manner described, the client A may acquire content from thecontent server A as desired. However, to use (i.e., reproduce) thecontent thus obtained requires that a license be obtained by each clientbefore the use. This embodiment allows content to be delivered free ofcharge; only the license for using the content is offered on achargeable basis. This makes it possible to distribute large quantitiesof free content in a copyright-protected manner.

Downloading of License and Reproduction of Content:

FIG. 10 is a flowchart of steps constituting the process in which theclient A reproduces downloaded content. The steps are carried out asfollows:

The client A first acquires content identification information (CID)designated by the user operating the keyboard, mouse, or some othersuitable input device (step S41). The identification information isillustratively composed of a title, a serial number, or otherappropriate information attached to each individual piece of the contentin storage.

When the desired content is designated, the client A reads the licenseID (i.e., identification information necessary for using content)corresponding to the designated content. As shown in FIG. 9, the licenseID is described in the header of the encrypted content data.

The client A then determines whether or not the license corresponding tothe retrieved license ID has already been acquired and stored in thelicense acquisition and management section (step S42). If the applicablelicense has yet to be acquired, step S43 is reached in which a licenseacquisition process (to be discussed later) is performed.

If the license is found to have been acquired in step S42, or if thelicense acquisition process is carried out in step S43, the client Adetermines whether or not the current date of the license comes beforethe license expiration date (step S44). The determination of step S44 iscarried out by comparing the expiration date (to be described later)stipulated as part of the license with the current time of day countedby a system timer of the client A.

If the license is found to have expired, step S45 is reached. In stepS45, a license renewal process (to be discussed later) is carried out.

If the current date of the license comes before its expiration date instep S44, or if the license is renewed in step S45, the client Adetermines whether or not the license is valid (step S46). The validityof the license is determined by verifying an electronic signature (to bedescribed latter) included in the license. If the license is not foundto be valid, error handling is carried out (step S47) before thisprocessing routine is brought to an end. The error handling may involveacquiring a valid license.

If the license is found to be valid in step S46, the client A reads thecorresponding encrypted content data from the content storage section(step S48). Using the content key K_(c), the client A decrypts theencrypted content data in increments of encryption blocks as shown inFIG. 9 (step S49).

The client A decodes the decrypted content data for content reproduction(step S50). The process of content reproduction refers to outputtingmusic data acoustically and outputting image data visually on thedisplay device.

FIG. 11 is a flowchart of detailed steps constituting the licenseacquisition process performed by the client A in step S43 of FIG. 10.The steps are carried out as follows:

It is assumed that the client A accesses and registers with the licenseserver A in advance so as to acquire therefrom the service dataincluding a leaf ID, DNK (device node key), a secret key paired with apublic key for the client A, a public key of the license server, andcertificates of the public keys (see the foregoing description withreference to FIG. 6).

The leaf ID represents identification information assigned to eachclient. DNK stands for the device node key necessary for decrypting anencrypted content key Kc contained in EKB (enabling key block)corresponding to the license of interest.

The client A first acquires information for designating the license tobe renewed, a user ID, and a password entered by the user operating thekeyboard, mouse, or some other suitable input device (steps S61 andS62).

The client A then transmits to the license server B a license requestincluding the entered user ID, password, license designationinformation, and the leaf ID contained in the service data (step S63).

The license server A issues a license based on the user ID, password,and license designation information, and transmits the issued license tothe requesting client A. The license granting process performed by thelicense server A will be discussed later in more detail.

If the license is received from the license server A (step S64), theclient A stores the received license into the license acquisition andmanagement section (step S65).

If the license is not received from the license server A (step S64), theclient A performs error handling (step S66) and terminates thisprocessing routine. The error handling here illustratively involvesinhibiting the start-up of the content reproduction section because thelicense for using the content is not available.

In the manner described above, the client A can use the content afteracquiring the license corresponding to the license ID attached to thecontent data. The license acquisition process shown in FIG. 11 mayalternatively be carried out prior to the downloading of content, notafter.

FIG. 12 schematically shows a data structure of a license granted by thelicense server to a client. As illustrated, the license includes in itsdata structure a use condition, a leaf ID, and an electronic signatureof the license server.

The use condition includes: a use limit on the extent of use of thecontent based on the license; a download limit on the extent of downloadof the content based on the license; an allowable copy count specifyingthe maximum number of times the content can be copied based on thelicense; the current check-out count; a maximum allowable check-outcount; the right to record the content on a recording medium such asCD-R based on the license; the maximum number of times the content canbe copied to a portable recording medium; the right to turn the licenseinto ownership (i.e., the right to buy); and information specifying theuser's obligation to keep a usage log.

FIG. 13 is a flowchart of steps constituting the process in which thelicense server A grants a license to the client A in response to alicense request from the client A (step S63 in FIG. 11). The steps arecarried out as follows:

The license server A waits for an attempt to access by the client A(step S71). When accessed by the client A, the license server A requeststhe client A to transmit a user ID, a password, and a license ID. Inturn, the client A goes to step S63 and transmits the user ID, password,leaf ID, and license designation information (license ID) to the licenseserver A. The license server A acquires all that has been transmitted(step S72).

The license server A then requests the service database server A tocheck the user ID and password (step S73) to see if the client A islegitimate (step S74). If the check is unsuccessful, the license serverA performs error handling (step S75) and brings this processing routineto an end. In this case, no license is issued to the client A.

If the check in step S74 turns out to be successful, the license serverA accesses the fee-charging server A to request credit processing (stepS76). In response to the credit processing request from the licenseserver A, the fee-charging server A examines the past payment historycorresponding to the user ID and password, to check whether the user inquestion committed nonpayment or other irregularities in paying forlicenses in the past (step S77).

If the user is not found creditworthy as a result of the check, thefee-charging server A notifies the license server A that granting of thelicense is not allowed because of the lack of creditworthiness on theuser's part. In response, the license server A performs error handling(step S78) and terminates this processing routine. In this case, too, nolicense is issued to the client A.

If the user is found creditworthy, then the license server A retrievesthe license corresponding to the license designation information fromthe license storage section (step S79). Each of the licenses held in thelicense storage section is associated beforehand with informationdescribing a corresponding license ID, an applicable version number, adate and time of creation, and an expiration date. The license server Aattaches a leaf ID to the retrieved license (step S80).

The license server A selects the use condition associated with thislicense (step S81). If a use condition was designated by the user makingthe request for the license, the designated use condition is added asneeded to the previously provided use condition. The use conditions thusselected are attached to the license.

The license server A puts an electronic signature to the license usingits own secret key, thereby generating the license as shown in FIG. 12(step S82). The license thus generated is transmitted to the requestingclient A (step S83).

The license server A stores the transmitted license (including its useconditions and leaf ID) in correspondence with the user ID and password.The license server A further accesses the service database server A torecord therein the license ID of the transmitted license in associationwith the user ID (step S84). The recorded contents in the servicedatabase A are reflected in the service database C through asynchronization process, so that these recorded contents can be accessedby the content provider B as well.

Finally, the license server A accesses the fee-charging server A torequest a fee-charging process regarding the user corresponding to theuser ID and password (step S85). In response to the fee-charging processrequest, the fee-charging server A settles the credit with theapplicable user. Specifically, the fee-charging server A may settle thecredit using a credit card or a debit card, by accepting payment fromthe user in electronic money or in cash, or through a bank transfer bythe user. How the fee-charging process is accomplished is not directlyapplicable to the spirit or scope of this invention and thus will not bediscussed further.

If the user fails to make the necessary payment at the time of thefee-charging process, the user loses his or her creditworthiness. Theuser is thereafter denied the granting of any requested license. Withthe user found deprived of creditworthiness, the fee-charging serverreturns to the license server A the result of the credit processingsaying that the granting of license should be refused. In response, thelicense server A performs error handling in step S78 and terminates theprocessing routine. The requesting client does not receive the licenseand thus will not be able to use (i.e., decrypt) the content.

FIG. 14 is a flowchart of detailed steps constituting the licenserenewal process carried out by the client A in step S45 of FIG. 10. Thesteps are performed as follows:

The client A first acquires license designation information, a user ID,and a password entered by the user operating the keyboard, mouse, orsome other suitable input device (steps S91 and S92).

The client A transmits to the license server a license renewal requestincluding the user ID, password, and license designation informationinput by the user (step S93).

In response to the license renewal request, the license server Apresents use conditions (to be discussed later). The client A receivesthe presented use conditions and gets the received conditions displayedon the screen for the user to examine (step S94).

By operating the keyboard, mouse, or some other suitable input device,the user selects some of the displayed use conditions or adds a new usecondition to the existing conditions. The client A then sends to thelicense server A (step S95) a request to purchase the use conditionsthus selected (i.e., conditions for renewing the license).

In response to the purchase request from the client A, the licenseserver A transmits finalized use conditions (to be discussed later). Theclient A receives the use conditions from the license server A (stepS96) and renews the license on the basis of the received use conditions(step S97).

FIG. 15 is a flowchart of detailed steps constituting the processperformed by the license server in step S45 of FIG. 10 allowing alicense past its expiration date to be renewed. The steps are carriedout as follows:

When accessed by the client A (step S101), the license server A receivesthe license renewal request (mentioned above) from the client A (stepS102).

The license server A reads from the license storage section the useconditions (i.e., use conditions to be renewed) corresponding to thelicense whose renewal is being requested. The retrieved use conditionsare transmitted to the requesting client A (step S103).

The client A causes the received use conditions to be displayed on thescreen for the user to examine. By operating the keyboard, mouse, orsome other suitable input device, the user selects some of the displayeduse conditions or adds a new use condition to the existing conditions.The client A then sends to the license server A (as described above) therequest to purchase the use conditions thus selected (i.e., conditionsfor renewing the license).

In response to the use condition purchase request from the client A, thelicense server A generates data corresponding to the requested useconditions and transmits the generated data to the client A (step S104).The client A receives the use conditions from the license server A andrenews the license on the basis of the received conditions (as describedabove).

Described below with reference to FIG. 17 is how a client uses contentsupplied by the content server on the basis of a license granted by thelicense server. The scheme is summarized as follows:

Content is furnished by the content server to the client, while alicense is granted by the license server to the client for the furnishedcontent. The content is encrypted (Enc(K_(c),Content) by use of acontent key K_(c). The content key K_(c) is in turn encrypted(Enc(KR,K_(c))) using a root key KR (which is derived from EKB andcorresponds to key K_(EKBC) in the content data shown in FIG. 9). Thecontent key thus encrypted is attached to the content along with EKBbefore being supplied to the requesting client.

EKB shown in FIG. 17 includes the root key KR that may be decryptedusing DNK, as shown in FIG. 18 (Enc(DNK,KR)). Thus the client may obtainthe root key KR from EKB using DNK contained in the service data. Theclient can decrypt the content key K_(c) from the data Enc(KR,K_(c))using the root key KR. In turn, the content key K_(c) may be used todecrypt the content from the encrypted content Enc(K_(c),Content).

Updating of Information Between Service Databases:

Whenever content or a license is downloaded from the content provider Ato the client A, information about the download is recorded to theservice database A set up by the content provider A. In the contentdelivery system of this embodiment, any updated information in theservice database A is reflected in the service database C so that theinformation may be shared between the content providers A and B. Thistype of collaboration in business enables the content providers A and Bin the content delivery system to let the clients A and B of the samecustomer share content therebetween.

When content or a license has been downloaded from the content providerA to the client A, the service databases A and C update correspondingentries in the following tables:

-   -   (1) the table of correspondences between leaf ID's and client        ID's;    -   (2) the table of correspondences between client ID's and user        ID's;    -   (3) the table of correspondences between content ID's and        license ID's;    -   (4) the table of correspondences between user ID's and the        content ID's of the downloaded content (the table may also        record the dates on which the content was downloaded and the        license ID's associated with the downloaded content); and    -   (5) the table of correspondences between user ID's and the        license ID's of the downloaded licenses (the table may also        record the dates on which the licenses were downloaded).        Transfer of Content to Another Client:

The content downloaded to the client A may be moved to the client B foruse by the latter. Upon movement of the content, it is not yet necessaryfor the client B to obtain the license for using the content.

In the setup of FIG. 1, the content downloaded to the client A is firstcopied to a portable recording medium. The recording medium with thecontent copied thereon is loaded physically into the client B to movethe content to the latter.

In the case above, the client A reads the content of interest from itscontent storage section and writes the retrieved content to therecording medium. The client B reads the copied content from therecording medium and stores the content into its content storagesection. These steps of data processing are carried out in well-knowntechnique and thus will not be described further.

The method of moving unlicensed content from one client to another isnot limited to the above-described one. Alternatively, the same user onhis or her own initiative may transfer content in a wired or wirelesscommunication from one client to another in his or her possession. Asanother alternative, when a client owned by a given user purchasescontent from a given content provider, that provider may automaticallydeliver the same content to another client of the same user.

Downloading of License for the Content Moved from Another Client andReproduction of the Moved Content:

The client B may download a license for the content moved from theclient A so as to reproduce the moved content. The client B canreproduce the content by following the steps shown in FIG. 10.

The client B first acquires content identification information (CID)designated by the user operating the keyboard, mouse, or some othersuitable input device (step S41). When the content is designated, theclient B reads a license ID (i.e., identification information necessaryfor using content) corresponding to the content in question.

The client B then determines whether or not the license corresponding tothe retrieved license ID has already been acquired by the client B andstored in its license acquisition and management section (step S42). Ifthe applicable license has yet to be acquired, step S43 is reached forthe license acquisition process. The client B carries out the licenseacquisition process by following the steps shown in FIG. 11. The datastructure of the license is illustrated in FIG. 12.

If the license is found to have been acquired in step S42, or if thelicense is obtained following the license acquisition process carriedout in step S43, the client B determines whether or not the current dateof the license comes before the license expiration date (step S44).

If the license is found to have expired, step S45 is reached for thelicense renewal process. In step S45, the client B carries out thelicense renewal process by following the steps shown in FIG. 14.

If the current date of the license is found to come before itsexpiration date in step S44, or if the license is renewed in step S45,the client B determines whether or not the license is valid (step S46).If the license is not found to be valid, error handling is carried out(step S47) before this processing routine is brought to an end.

If the license is found to be valid in step S46, the client B reads thecorresponding encrypted content data from the content storage section(step S48). Using the content key K_(c), the client B decrypts theencrypted content data in increments of encryption blocks as shown inFIG. 9 (step S49).

The client B decodes the decrypted content data for content reproduction(step S50).

In step S43, the client B performs the license acquisition process byfollowing the steps shown in FIG. 11. The steps are carried out asfollows:

The client B first acquires information for designating the license tobe renewed, a user ID, and a password entered by the user (steps S61 andS62).

The client B then transmits to the license server B a license requestincluding the entered user ID, password, license designationinformation, and the leaf ID contained in the service data, the client Bhaving registered beforehand with the license server B (step S63).

The license server B issues a license based on the user ID, password,and license designation information, and transmits the issued license tothe requesting client B. The license granting process performed by thelicense server B will be discussed later in more detail.

If the license is received from the license server B (step S64), theclient B stores the received license, certificate, and secret key intothe license acquisition and management section (step S65).

If the license is not received from the license server B (step S64), theclient B performs error handling (step S66) and terminates thisprocessing routine.

In the manner described above, the client B can use the content movedfrom the client A only after acquiring the license corresponding to thelicense ID attached to the content data.

Following step S63 of FIG. 11 in which the client B issues the licenserequest, the license server B performs the process of granting therequested license to the client B. Because the request is for thelicense about the content supplied by the content provider A, thelicense server B does not have the license in question. In that case,the license server B acquires the license from the content provider A bytaking advantage of the business collaboration between the contentproviders A and B, before granting the acquired license to the client B.Any information necessary for generating the license is obtained by thelicense server B from the content provider A.

FIG. 16 is a flowchart of steps constituting the process in which thelicense server B grants a license in response to a license request fromthe client B in collaboration with another content provider. The stepsare carried out as follows:

The license server B waits for access by the client B (step S111). Whenaccessed by the client B, the license server B requests the client B totransmit a user ID, a password, and a license ID. In response, theclient B transmits the user ID, password, leaf ID, and licensedesignation information (license ID) in step S63 of FIG. 11. The licenseserver B acquires all that has been transmitted (step S112).

The license server B then requests the service database server B tocheck the user ID and password (step S113) to see whether or not theclient B is legitimate (step S114). If the check is unsuccessful, thelicense server B performs error handling (step S115) and terminates thisprocessing routine. In this case, no license is issued to the client B.

If the check turns out to be successful, the license server B transmitsthe user ID to the service database server B and requests the latter tocheck whether or not this user possesses a client having registered withthe content provider A (steps S116 and S117).

If the check on the user is unsuccessful, the license server B findsthis request to be a normal license acquisition request from the clientB. In this case, the license server B goes from step S117 to step S121for a normal fee-charging process involved with the purchase of alicense.

If the check on the user turns out to be successful, then the licenseserver B accesses the service database server C that retains informationabout the customers having registered with the content providers A andB. From the service database server C, the license server B acquires theclient ID of the client A having the same user ID (step S118).

The license server B transmits the license ID and the client ID of theclient A to the service database server C. In so doing, the licenseserver B requests the service database server C to determine whether ornot the client A has already purchased the license for the content thatis about to be used by the client B (step S119). A check is thus made tosee whether or not the client A, from which the content has been moved,has the applicable license (step S120).

If the check on the client A about possession of the license isunsuccessful, the license server B finds this request to be a normallicense acquisition request from the client B. In this case, the licenseserver B goes from step S120 to step S121 for the normal fee-chargingprocess involved with the purchase of a license.

If the check in step S120 turns out to be successful, that means theuser has already purchased the license for the same content. In thatcase, a new license is granted free of charge or at a discount, beforethe next step is reached.

In step S121, the license server B accesses the fee-charging server B torequest credit processing. In response to the credit processing requestfrom the license server B, the fee-charging server B examines the pastpayment history corresponding to the user ID and password, to checkwhether the user in question committed nonpayment or otherirregularities in paying for licenses in the past (step S122).

If the user is not found creditworthy as a result of the check, thefee-charging server B notifies the license server B that granting of thelicense is not allowed because of the lack of creditworthiness on theuser's part. In response, the license server B performs error handling(step S123) and terminates this processing routine. In this case, too,no license is issued to the client B.

If the user is found creditworthy, then the license server B accessesits license storage section and retrieves the license corresponding tothe license designation information therefrom (step S124). Each of thelicenses held in the license storage section is associated beforehandwith information describing a corresponding license ID, an applicableversion number, a date and time of creation, and an expiration date. Thelicense server B attaches a leaf ID to the retrieved license (stepS125).

The license server B selects the use condition associated with thislicense (step S126). If a use condition was designated by the usermaking the request for the license, the designated use condition isadded as needed to the previously provided use condition. The useconditions thus selected are attached to the license.

The license server B puts an electronic signature to the license usingits own secret key, thereby generating the license as shown in FIG. 12(step S127). The license thus generated is transmitted to the requestingclient B (step S128).

The license server B stores the transmitted license (including its useconditions and leaf ID) in correspondence with the user ID and password.The license server B further accesses the service database server B torecord therein the license ID of the transmitted license in associationwith the user ID (step S129). The records in the service database A arereflected in the service database C through a synchronization process,so that these records can be accessed by the content provider B as well.

Finally, the license server B accesses the fee-charging server B torequest a fee-charging process regarding the user corresponding to theuser ID and password (step S130). In response to the fee-chargingprocess request, the fee-charging server B settles the account with theapplicable user.

With this embodiment of the invention, the license for the contentobtained from another client of the same user may be granted on achargeable basis or free of charge. If the license is chargeable, theprice can be made lower than that in effect when the license in questionwas obtained for the first time. These considerations are determined atthe discretion of the content provider and are reflected by thefee-charging server in its processing.

Updating of Information Between Service Databases:

Whenever a license is downloaded from the content provider B to theclient B for use of the content moved from the client A, informationabout the download is recorded to the service database B set up by thecontent provider B. In the content delivery system of this embodiment,any updated information in the service database B is reflected in theservice database C so that the information may be shared between thecontent providers A and B. This type of collaboration in businessenables the content providers A and B in the content delivery system tolet the clients A and B of the same customer share content therebetween.

When a license has been downloaded from the content provider B to theclient B, the service databases B and C update corresponding entries inthe following tables:

-   -   (1) the table of correspondences between leaf ID's and client        ID's;    -   (2) the table of correspondences between client ID's and user        ID's;    -   (3) the table of correspondences between content ID's and        license ID's; and    -   (4) the table of correspondences between user ID's and the        license ID's of the downloaded licenses (the table may also        record the dates on which the licenses were downloaded).        Addendum:

It is to be understood that while the invention has been described inconjunction with a specific embodiment, it is evident that manyalternatives, modifications and variations will become apparent to thoseskilled in the art in light of the foregoing description. Accordingly,it is intended that the present invention embrace all such alternatives,modifications and variations as fall within the spirit and scope of theappended claims.

Industrial Applicability

This invention provides a content delivery system, an informationprocessing apparatus or method, and a computer program for enabling auser, having purchased a license, to use the licensed content on aplurality of his or her apparatuses while preventing illegal contentuses.

According to the invention, it is possible for any one of the user'sclients, each connectable to a different content provider, to purchasecontent from a given provider and share the purchased content withanother client of the same user. In this case, whether any other clientmay use the content on a chargeable basis or free of charge will bedetermined by the content providers and copyright holders at their owndiscretion.

Also according to the invention, if the content purchased by a firstclient is shared by a second client for a fee, that fee is paid solelyby the second client without implicating the first client. Thesimplified procedure is convenient for the user possessing the twoclients.

According to the invention, when one client of the user establishes orupdates information about the reproducing environment (a play list,reproduction preferences such as volume and continuous playback, GUIscreen settings, bookmarks of songs to be purchased, etc.), suchinformation can be reflected in any other client of the same user.

1. A content delivery system for delivering content to a client of auser who possesses at least two clients, each of said clients usingcontent legitimately based on an acquired license, said content deliverysystem comprising: registering means for registering each of saidclients of said user in order to acquire customer-related information;customer-related information managing means for managing saidcustomer-related information; content providing means which, in responseto a request from any one of said clients, provides content to therequesting client; first license granting means which, in response to arequest from the client having acquired the content from said contentproviding means, grants said requesting client a license for theacquired content; and second license granting means which, after saiduser has moved the content from one client to another in the possessionof the same user, grants said user a license for the moved content.
 2. Acontent delivery system according to claim 1, wherein saidcustomer-related information managing means manages a table ofcorrespondences between leaf ID's and client ID's, a table ofcorrespondences between client ID's and user ID's, a table ofcorrespondences between content ID's and license ID's, a table ofcorrespondences between user ID's and the content ID's of downloadedcontent, and a table of correspondences between user ID's and thelicense ID's of downloaded licenses.
 3. A content delivery systemaccording to claim 1, wherein said customer-related information managingmeans updates said customer-related information every time said contentproviding means provides content to a client and/or any one of saidfirst and said second license granting means grants a license to aclient.
 4. A content delivery system according to claim 1, wherein, inresponse to a request from a client for a license, said second licensegranting means acquires the requested license from said first licensegranting means and returns the acquired license to the requestingclient.
 5. A content delivery system according to claim 4, wherein saidsecond license granting means, by querying said customer-relatedinformation managing means, verifies that said requesting client islegitimate, that the same user possessing said requesting client is inpossession of another client registered with said first license grantingmeans, and that the requested license has already been granted to saidanother client by said first license granting means.
 6. A contentdelivery system according to claim 1, further comprising fee-chargingmeans for performing a fee-charging process regarding the client towhich a license has been granted.
 7. A content delivery system accordingto claim 5, wherein said fee-charging means makes a difference incharges between a case in which said first license granting means grantsa license to a client downloading content, and a case in which saidsecond license granting means grants a license to another client of thesame user in possession of said downloading client.
 8. An informationprocessing apparatus for using content, comprising: content downloadingmeans for downloading content; content storing means for storingcontent; content moving means for moving the content stored in saidcontent storing means to an external destination or for movingexternally acquired content into said content storing means; licenseacquiring means for acquiring a license for using content; and contentreproducing means for legitimately using content based on the acquiredlicense.
 9. An information processing method for using content,comprising the steps of: downloading content; storing content; movingthe content stored in said content storing step to an externaldestination or moving externally acquired content into storage;acquiring a license for using content; and legitimately using contentbased on the acquired license.
 10. A computer program which is describedin a computer-readable format and which allows a computer system togrant a user a license for using content, said user possessing at leasttwo clients which use content legitimately based on acquired licenses,said computer program comprising: a first step of determining whether ornot a client of said user requesting a license is legitimate; a secondstep of determining whether or not said user possessing the requestingclient is also in possession of another client to which said license hasalready been granted; and a third step of granting the same license tosaid requesting client if the determination in the second step providesan affirmative result.